BRS Webweaver 1 33 Scripts Access Restriction Bypass Vulnerability

Hack Forums,Cryptography, Encryption, and DecryTV Online,Dolce Sport Live,GSP SI DIGI SPORT ONLINE,FileList si Openetwork,Yahoo Invisible Check,Hack,windows,linux,games,cs,arhiva,psybnc,mirc,scan,ssh,free porn movie,xxx,sex,Digi keyMatrimoniale,Wantedsoft
Welcome to www.team3d.3xforum.ro GSP SI DIGI SPORT ONLINE,FileList si Openetwork,Yahoo Invisible Check,Hack,windows,linux,games,cs,arhiva,psybnc,mirc,scan,ssh

Lista Forumurilor Pe Tematici

Hack Forums,Cryptography, Encryption, and DecryTV Online,Dolce Sport Live,GSP SI DIGI SPORT ONLINE,FileList si Openetwork,Yahoo Invisible Check,Hack,windows,linux,games,cs,arhiva,psybnc,mirc,scan,ssh,free porn movie,xxx,sex,Digi keyMatrimoniale,Wantedsoft | Reguli | Inregistrare | Login

POZE HACK FORUMS,CRYPTOGRAPHY, ENCRYPTION, AND DECRYTV ONLINE,DOLCE SPORT LIVE,GSP SI DIGI SPORT ONLINE,FILELIST SI OPENETWORK,YAHOO INVISIBLE CHECK,HACK,WINDOWS,LINUX,GAMES,CS,ARHIVA,PSYBNC,MIRC,SCAN,SSH,FREE PORN MOVIE,XXX,SEX,DIGI KEYMATRIMONIALE,WANTEDSOFT

Nu sunteti logat.

Nou pe simpatie:
just_iulia

Femeie
25 ani
Giurgiu
cauta Barbat
26 - 48 ani

Moderat de Anonymus

Autor

Mesaj

Pagini: 1

[ESP][D][M][X]Team**3D**
Administrator

Inregistrat: acum 18 ani
Postari: 78239

###########################################################################################
#
# Name : BSR Webweaver Version 1.33 /Scripts access restriction bypass vulnerbility
# Author : Usman Saeed
# Company : Xc0re Security Reasearch Group
# Date : 15/09/09
# Homepage :
#
###########################################################################################

[*] Download Page :

[*] Attack type : Remote

[*] Patch Status : Unpatched

[*] Description : In ISAPI/CGI path is [%installdirectory%/scripts] and
through HTTP the alias is [http://[host]/scripts] ,

The access security check is that if the attacker tries to access /scripts
a 404 Error response occurs ! Now to bypass and

check the directory listing [That is if Directory Browsing is allowed in
the server Configuration !] just copy and paste the

exploit url !.

This is the reason this exploit is not called a Directory Listing Exploit !

[*] Exploitation :

[+]

pus acum 16 ani

Pagini: 1

Mergi la